Jenny Craig Simplifies Security

Security for its 515 nationwide weight-control centers was being managed remotely, resulting in excessive IT maintenance and a lack of visibility.

Jenny Craig Inc. last summer embarked on a strategy to simplify its security management. Security for its 515 nationwide weight-control centers was being managed remotely, resulting in excessive IT maintenance and a lack of visibility into systemwide security issues.

The catalyst for the security upgrade was plans for a new data warehouse and a Web-based client-profiling application. Before the $280 million-a-year company felt comfortable going live with applications chock-full of sensitive customer data, it needed to ensure safeguards were in place to protect that data.

Jenny Craig turned to network security-gear-maker Fortinet Inc. and several of its security appliances to centralize and strengthen its security.

With the Fortinet deployment under way, the company's antivirus and security-rule updates are now automatic. If a security incident does occur, Jenny Craig's IT staff can spot it right away. "Before, we didn't see these things. Now we can look in one place and see what's happening in each of the centers," says Jeff Nelson, Jenny Craig's IT director.

Before it began its security-management overhaul, Jenny Craig had been using VPN software that was loaded on each PC and remotely dialed into the corporate office. Other security safeguards, such as antivirus and firewall software, were deployed at each of its retail centers.

But over time, updating security software at each location became a "high-maintenance operation," Nelson says. To make matters worse, Jenny Craig had been routing all of the Web traffic from its retail centers through a dedicated server located at its home office for Web-content filtering, partly to prevent employees from accessing inappropriate Web content. That approach created a bottleneck and slowed down Web traffic.

The company began deploying about 100 FortiGate-60 appliances at 100 of its centers. The appliances provide antivirus and Web-based malicious-content protection, as well as integrated firewall, content filtering, VPN, and network-intrusion detection and prevention capabilities.

Jenny Craig also deployed two FortiGate-800 systems at its headquarters for secure high availability, as well as two FortiGate-400 systems at its Web-hosting provider to authenticate employee access to all of its intranet applications. To centrally manage the devices, Jenny Craig uses Fortinet's FortiManager software.
Another benefit: Employees no longer have to launch VPN client software to access corporate applications. The FortiGate-400s now authenticate all employees accessing the intranet. This has reduced the number of calls coming into the IT help desk. "People would call support wondering why they couldn't access applications, and many times it turned out they forgot to launch the client VPN software," Nelson says.

With 110 weight-control centers secured with Fortinet gateways, Nelson says the next step over coming months will be to deploy a security gateway at each of its remaining corporate centers and franchises. Since the installation of the FortiGates, Nelson says, "we've not been hit with any malicious software."

As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.